Selling on online marketplaces carries significant risks including phishing, scams, and loss of seller protections. Threats targeting sellers are increasingly common, and understanding these risks can prevent financial loss. Affected: Ebay, Facebook Marketplace, Reverb, Shopify
Keypoints :
- Online marketplaces are popular for reselling a wide variety of items.
- Buyers are often protected, but sellers face unique risks from scams.
- Many phishing attacks target sellers via platform messaging features.
- Payout account verification scams attempt to steal sensitive financial information.
- Scammers often pressure sellers to conduct off-platform transactions, voiding seller protections.
- Common tactics include changing shipment details and using โfriends and familyโ payment options to dodge protections.
- Multi-factor authentication (MFA) is crucial for protecting online marketplace accounts.
- Sellers should validate messages received and avoid modifying shipping addresses post-sale.
- Protection strategies exist through various security tools and platforms.
MITRE Techniques :
- Phishing (T1566): Attackers use direct messaging to impersonate the platform and obtain sensitive information.
- Credential Dumping (T1003): Phishing attacks compromise seller accounts for further manipulation, listing, and fraud.
- Data Destruction (T1485): Scammers may target seller accounts to erase transaction details after fraudulent actions.
- Exploitation of Remote Services (T1210): Use of malicious links for credential harvesting through compromised legitimate-looking pages.
Indicator of Compromise :
- [URL] http://maliciouswebserver[. ]com/path
- [URL] https://attacker-controlled-site[. ]com
- [Email Address] suspicious-email@example[. ]com
- [Domain] phishing-site[. ]com
- [IP Address] 192.0.2.1
Full Story: https://blog.talosintelligence.com/online-marketplace-scams/